allow kernel self:capability { mknod };
# /dev/mbin0
allow kernel emmcblk_device:blk_file r_file_perms;
allow kernel device:blk_file { create setattr getattr unlink };
# /bus/usb/001/001
allow kernel device:dir { create write remove_name rmdir add_name };
allow kernel device:chr_file { create setattr getattr unlink };

# /sys/devices/system/cpu/cpu[0-9]/cpufreq/*
allow kernel kernel:capability { chown };
allow kernel sysfs_devices_system_cpu:file { setattr };
allow kernel sysfs:file { setattr };

allow kernel app_efs_file:dir search;
allow kernel app_efs_file:file { read write open };

allow kernel efs_file:dir search;
allow kernel battery_efs_file:dir { search open read };
allow kernel battery_efs_file:file { read open };
